Bugzilla – Bug 864576
VUL-1: CVE-2014-2015: freeradius-server: denial of service in rlm_pap hash processing
Last modified: 2014-04-14 17:05:00 UTC
When freeradius verifies a password sent via RLM-PAP against an LDAP server, some passwords will cause a stack overflow. Some forms of SSHA, including forms that would be validated by servers applying standard constraints on the user's password attribute, will generate lengths over 64 bytes after hex-decoding.

References:
http://comments.gmane.org/gmane.comp.security.oss.general/12142
https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch
https://github.com/FreeRADIUS/freeradius-server/commit/ff5147c9e5088c7.patch
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
https://github.com/FreeRADIUS/freeradius-server/commit/f610864d4c8f51d.patch
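The failure mode described in the report is a hex-decoded SSHA value that is longer than the fixed buffer it is decoded into. The following is an added illustration, not FreeRADIUS code and not one of the referenced patches: a bounded hex decoder that compares the decoded size against the buffer capacity before writing anything, used from a simulated SSHA check with a 64-byte stack buffer. The buffer size, the digest length constant, the function names and the constructed sample hashes are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes, chosen for this illustration: a 64-byte fixed
 * stack buffer (the limit named in the bug report) and a 20-byte SHA-1
 * digest, the fixed part of an SSHA hash that precedes the salt. */
#define HASH_BUF_MAX    64
#define SHA1_DIGEST_LEN 20

/* Map one hex digit to its value, or -1 for anything that is not hex. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex into out, never writing more than out_cap bytes.
 * Returns the decoded length, or -1 for odd length, non-hex characters,
 * or input that would not fit: the decoded size is checked against the
 * capacity before any byte is written, which is the check that keeps an
 * over-long stored hash from running past a fixed buffer. */
int hex_decode_bounded(const char *hex, uint8_t *out, size_t out_cap)
{
    size_t n = strlen(hex);
    if (n % 2 != 0) return -1;
    if (n / 2 > out_cap) return -1;   /* would overflow the buffer: reject */
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval((unsigned char)hex[i]);
        int lo = hexval((unsigned char)hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/* Simulated SSHA handling: decode the stored hash into a fixed-size stack
 * buffer and check the layout (digest followed by salt). Returns 1 when the
 * value is usable, 0 when it is rejected. An unchecked decode at this point
 * would write past buf for any hash longer than HASH_BUF_MAX bytes. */
int ssha_hex_accepts(const char *hex)
{
    uint8_t buf[HASH_BUF_MAX];
    int len = hex_decode_bounded(hex, buf, sizeof buf);
    if (len < SHA1_DIGEST_LEN) return 0;   /* too short, or decode failed */
    return 1;                              /* digest + salt, within bounds */
}

/* Build a constructed hex string encoding nbytes bytes (all 0xAB). */
static void make_hex(char *dst, size_t nbytes)
{
    for (size_t i = 0; i < nbytes; i++) memcpy(dst + 2 * i, "ab", 2);
    dst[2 * nbytes] = '\0';
}

/* Wrappers that return results for a constructed hash of a given length,
 * so the behaviour can be checked without caller-side buffers. */
int check_sample(size_t nbytes)
{
    char hex[2 * 128 + 1];
    if (nbytes > 128) return -1;
    make_hex(hex, nbytes);
    return ssha_hex_accepts(hex);
}

int decode_sample(const char *hex)
{
    uint8_t buf[HASH_BUF_MAX];
    return hex_decode_bounded(hex, buf, sizeof buf);
}

int main(void)
{
    printf("64-byte hash: %d\n", check_sample(64));   /* accepted */
    printf("65-byte hash: %d\n", check_sample(65));   /* rejected, not overflowed */
    printf("19-byte hash: %d\n", check_sample(19));   /* shorter than a digest */
    return 0;
}
```

The 65-byte case is the shape the report describes: a digest plus a long salt that is still a valid stored attribute, but exceeds the fixed buffer once decoded. With the capacity check in place the value is refused and the request fails cleanly instead of corrupting the stack.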
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (864576) was mentioned in https://build.opensuse.org/request/show/224190 13.1+12.3 / freeradius-server
The SWAMPID for this issue is 56488. This issue was rated as low. Please submit fixed packages until 2014-03-28. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Affected packages:
SLE-11-SP3: freeradius-server
SLE-11-SP2: freeradius-server
This is an autogenerated message for OBS integration: This bug (864576) was mentioned in https://build.opensuse.org/request/show/224384 Factory / freeradius-server
openSUSE-SU-2014:0343-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 864576
CVE References: CVE-2014-2015
Sources used:
openSUSE 13.1 (src): freeradius-server-2.2.0-7.4.1
openSUSE 12.3 (src): freeradius-server-2.2.0-3.8.1
Update released for: freeradius-server, freeradius-server-debuginfo, freeradius-server-debugsource, freeradius-server-devel, freeradius-server-dialupadmin, freeradius-server-doc, freeradius-server-libs, freeradius-server-utils
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: freeradius, freeradius-debuginfo, freeradius-devel, freeradius-dialupadmin
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: freeradius-server, freeradius-server-debuginfo, freeradius-server-debugsource, freeradius-server-devel, freeradius-server-dialupadmin, freeradius-server-doc, freeradius-server-libs, freeradius-server-utils
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Fixed and released. Closing bug.
SUSE-SU-2014:0525-1: An update that fixes one vulnerability is now available.
Category: security (low)
Bug References: 864576
CVE References: CVE-2014-2015
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): freeradius-server-2.1.1-7.18.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): freeradius-server-2.1.1-7.18.1
SUSE Linux Enterprise Server 11 SP3 (src): freeradius-server-2.1.1-7.18.1